﻿using System;
using System.Collections.Generic;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;

public partial class User_Information_Information : System.Web.UI.Page
{

    protected void Page_Load(object sender, EventArgs e)
    {
        if (Session["Username"] != null)
        {
            btnRedirect.Visible = true;
            BtnLogin.Visible = false;
            BtnLogout.Visible = true;
        }
        else
        {
            btnRedirect.Visible = false;
            BtnLogin.Visible = true;
            BtnLogout.Visible = false;
        }

        if (!IsPostBack)
        {
            if (Session["Username"] == null)
            {
                Response.Redirect("../Login/Login.aspx");
            } else
            if (Session["AccessRight"] == null) 
            {
                Response.Redirect("../AccessWrong/Default.aspx");
            }
            
        }
        showUser();

    }
    private void showUser()
    {
        String strCon = ConfigurationManager.ConnectionStrings["SQLConnectionString"].ToString();
        SqlConnection myCon = new SqlConnection(strCon);
        myCon.Open();
        SqlCommand cmd = new SqlCommand("select * from _User", myCon);
        SqlDataAdapter da = new SqlDataAdapter(cmd);
        DataTable ds = new DataTable();
        da.Fill(ds);
        tbUser.DataSource = ds;
        tbUser.DataBind();
        myCon.Close();
    }
    protected void btnView_Click(object sender, EventArgs e)
    {
        Label2.Text = "";
        txtViewUser.Text = "";
        string sql = "select * from _User where UID = '{0}'";
        sql = string.Format(sql, txtViewUID.Text);
        search(sql);
    }
    private bool isAllFieldRequire() 
    {
        if (string.IsNullOrWhiteSpace(txtUID.Text) || string.IsNullOrWhiteSpace(txtUsername.Text) || string.IsNullOrWhiteSpace(txtPassword.Text)) 
        {
            return false;
        }
        return true;
    }
    private bool isRightPassword() 
    {
        if (txtPassword.Text.Length < 6) 
        {
            return false;
        }
        return true;
    }
    private bool isRightUsername() 
    {
        String strCon = ConfigurationManager.ConnectionStrings["SQLConnectionString"].ToString();
        SqlConnection myCon = new SqlConnection(strCon);
        myCon.Open();
        string sql = "select * from _User where Username = '{0}'";
        sql = string.Format(sql, txtUsername.Text);
        SqlCommand cmd = new SqlCommand(sql, myCon);
        SqlDataAdapter da = new SqlDataAdapter(cmd);
        DataTable ds = new DataTable();
        da.Fill(ds);
        if (ds.Rows.Count == 0&&txtUsername.Text.Length>=6)
        {
            myCon.Close();
            return true;
        }
        myCon.Close();
        return false;
    }
    private bool isRightUID()
    {
        String strCon = ConfigurationManager.ConnectionStrings["SQLConnectionString"].ToString();
        SqlConnection myCon = new SqlConnection(strCon);
        myCon.Open();
        string sql = "select * from _User where UID = '{0}'";
        sql = string.Format(sql, txtUID.Text);
        SqlCommand cmd = new SqlCommand(sql, myCon);
        SqlDataAdapter da = new SqlDataAdapter(cmd);
        DataTable ds = new DataTable();
        da.Fill(ds);
        if (ds.Rows.Count == 0)
        {
            myCon.Close();
            return true;
        }
        myCon.Close();
        return false;
    }
    protected void btnSave_Click(object sender, EventArgs e)
    {
        txtViewUID.Text = "";
        txtViewUser.Text = "";
        if (!isRightUID()) 
        {
            lblUID.Text = "UID duplicate";
            return; 
        }
        if (!isRightUsername()) 
        {
            lblUsername.Text = "Username duplicate or lower than 6 character";
            return;
        }
        if(!isRightPassword())
        {
            lblPassword.Text = "Password lower than 6 character";
            return;
        }
        if (!isAllFieldRequire()) 
        {
            Label2.Text = "All field require";
            return;
        }
        
        String strCon = ConfigurationManager.ConnectionStrings["SQLConnectionString"].ToString();
        SqlConnection myCon = new SqlConnection(strCon);
        myCon.Open();
        string sql = "insert into _User values ('{0}','{1}','{2}','{3}') ";
        sql = String.Format(sql, txtUID.Text, txtUsername.Text, txtPassword.Text, txtAccessRight.Text);
        SqlCommand cmd = new SqlCommand(sql, myCon);
        cmd.Connection = myCon;
        try
        {
            cmd.ExecuteNonQuery();
        }
        catch (Exception )
        {
        }
        myCon.Close();
        lblUID.Text = "";
        lblPassword.Text = "";
        lblUsername.Text = "";
        Label2.Text = "Success";
        showUser();
    }
    protected void btnViewU_Click(object sender, EventArgs e)
    {
        Label2.Text = "";
        txtViewUID.Text = "";
        string sql = "select * from _User where Username = '{0}'";
        sql = string.Format(sql, txtViewUser.Text);
        search(sql);
    }
    private void search(string s) 
    {
        txtUID.Text = "";
        txtUsername.Text = "";
        txtPassword.Text = "";
        txtAccessRight.SelectedIndex = 0;
        String strCon = ConfigurationManager.ConnectionStrings["SQLConnectionString"].ToString();
        SqlConnection myCon = new SqlConnection(strCon);
        myCon.Open();       
        SqlCommand cmd = new SqlCommand(s, myCon);
        SqlDataAdapter da = new SqlDataAdapter(cmd);
        DataTable ds = new DataTable();
        da.Fill(ds);
        if(ds.Rows.Count==0)  {
            Label2.Text = "No user have this information!!!";
            return;}
        txtUID.Text = ds.Rows[0][0].ToString();
        txtUsername.Text = ds.Rows[0][1].ToString();
        txtPassword.Text = ds.Rows[0][2].ToString();
        if (ds.Rows[0][3].ToString() != "admin")
        {
            txtAccessRight.SelectedIndex = 1;
        }
        else txtAccessRight.SelectedIndex = 0;
        myCon.Close();
    }
    protected void tbUser_RowDeleting(object sender, GridViewDeleteEventArgs e)
    {
        String strCon = ConfigurationManager.ConnectionStrings["SQLConnectionString"].ToString();
        SqlConnection myCon = new SqlConnection(strCon);
        myCon.Open();
        string sql = "delete from _User where UID = '{0}'";
        sql = string.Format(sql,tbUser.Rows[e.RowIndex].Cells[1].Text);
        SqlCommand cmd = new SqlCommand(sql, myCon);
        try
        {
            cmd.ExecuteNonQuery();
        }
        catch (Exception)
        {
        }
        myCon.Close();
        showUser();
    }
    protected void tbUser_SelectedIndexChanging(object sender, GridViewSelectEventArgs e)
    {
        txtUID.Text = tbUser.Rows[e.NewSelectedIndex].Cells[1].Text;
        txtUsername.Text = tbUser.Rows[e.NewSelectedIndex].Cells[2].Text;
        txtPassword.Text = tbUser.Rows[e.NewSelectedIndex].Cells[3].Text;
        if (tbUser.Rows[e.NewSelectedIndex].Cells[4].Text != "admin")
        {
            txtAccessRight.SelectedIndex = 1;
        }
        else txtAccessRight.SelectedIndex = 0;
    }
    protected void btnUpdate_Click(object sender, EventArgs e)
    {
        txtViewUID.Text = "";
        txtViewUser.Text = "";
        String strCon = ConfigurationManager.ConnectionStrings["SQLConnectionString"].ToString();
        SqlConnection myCon = new SqlConnection(strCon);
        myCon.Open();
        string sql = "update _User set Username = '{0}', Pass_word = '{1}', AccessRight = '{2}' where UID = '{3}'";
        sql = String.Format(sql, txtUsername.Text, txtPassword.Text, txtAccessRight.Text, txtUID.Text);
        SqlCommand cmd = new SqlCommand(sql, myCon);
        cmd.Connection = myCon;
        try
        {
            cmd.ExecuteNonQuery();
        }
        catch (Exception)
        {
        }
        myCon.Close();
        showUser();
    }
    protected void btnDelete_Click(object sender, EventArgs e)
    {
        txtViewUID.Text = "";
        txtViewUser.Text = "";
        String strCon = ConfigurationManager.ConnectionStrings["SQLConnectionString"].ToString();
        SqlConnection myCon = new SqlConnection(strCon);
        myCon.Open();
        string sql = "delete from _User where UID = '{0}'";
        sql = String.Format(sql, txtUID.Text);
        SqlCommand cmd = new SqlCommand(sql, myCon);
        cmd.Connection = myCon;
        try
        {
            cmd.ExecuteNonQuery();
        }
        catch (Exception)
        {
        }
        myCon.Close();
        showUser();
    }
    protected void btnRedirect_Click(object sender, EventArgs e)
    {
        clsLogIn a = (clsLogIn)(Session["Username"]);

        if (a.IsAdmin)
        {
            Response.Redirect("../User Information/Information.aspx");
        }
        else
        {
            Response.Redirect("../Add Products/AddProducts.aspx");
        }
    }
    protected void BtnLogin_Click(object sender, EventArgs e)
    {
        Response.Redirect("../Login/Login.aspx");

    }
    protected void BtnLogout_Click1(object sender, EventArgs e)
    {
        Session["Username"] = null;
        Response.Redirect("../Login/Login.aspx");
    }
}